Unencrypted blockchain leads to snooping

[MoonShadow]

No. 

There is no encryption method that would work that wouldn't simply be a waste of resources, since the key would have to be widely known anyway.

Care to elaborate?

Not really worth my time.  Prove that you understand how the system actually works, and then I might consider hearing out your theories.

I understand enough to know that when I make a transaction, there is enough information between the blockchain and google's records of me visiting the recipient's website to copy the address, to completely and uniquely tie me to that transactions.

You could use tor.

That is enough for me to be concerned about the security of the system.  I am not a moron, and I am not of the "DRM generation".  I am an opensource developer with projects on github.

The fact that no one will even admit that this is an issue and instead chooses to butt heads with me is alarming.

We didn't say it wasn't an issue, we said that the way that you want to do it can't be done without breaking the zero trust requirement of the main blockchain.  However, your idea did spark my own....

The root problem isn't that the openness of the blockchain permits some transactions to be seen in cleartext, it's that it permits all of them to be seen.  But this isn't entirely true, as off-network transactions do occur and hiding services (commonly called bitcoin laundries or bitcoin mixers) also exist.  Examples include transactions that occur directly between users of MtGox, or directly between users of Silk Road.  The advantage of such services, particularly with large user bases, is that it's impossible to track the flow of funds among the membership without access to the server itself; and the disadvantage is that users must have trust in the sysadmins to 1) not steal their coins, 2) not be bested by motivated hackers and 3) not roll-over when the MiB show up at tehir door.

But what if you could run a decentralized service?  Sort of a hybrid between the full blockchain and a hosted wallet service.  Take this one, for starters...

An alt-chain, wherein the headers contain all the info that Bitcoin's headers contain, plus some additional info that ties each block to a recent transaction on the main chain, namely that the miner of the alt-chain first creates a send-to-self transaction, then references both the block number that included that transaction, the transaction ID#, and signs something in the block with that addresses private key.  The point is that 1) it establishes a timestamp in lockstep with the main bitcoin chain, 2) leverages the difficulty level of the main blockchain since in order to alter that block later, the alt-chain attacker should have to also alter the main blockchain and 3) establishes the miner's Proof of Stake. 

Once that has been established, the structure of the alt-chain block is as follows.  There is still a merkel tree, but instead of each pair of transactions being hashed, blocks of encrypted data is being hashed into the tree, and the miner's only job is to verify that the blocks of data are 1) not corrupted and 2) are signed by at least two other alt-miners.  Heres the overall idea.  Instead of a running ledger, each miner is effectively a trusted supernode that manages a limited userbase.  The data blocks are updates on the values of their users' accounts.  Each of these miners have traded keypairs with at least two other miners, so that they can 1) negotiate transfers between users of each others userbase and 2) verify and sign their submitted data blocks.  This means that, although the compromise of any single miner by hackers/MiB would open that set of users/transactions to view, it would be practically impossible for any single node to decrypt an entire alt-block.  Thus, some portion of that block would remain unknowable, and insomuch as this system would be a popular off-blockchain transfer system, funds that pass through it would break the chain of visable custody.

Even writing it down, I'm not conviced it can even work, as users must be able to trust the miners/supernodes and those miners would have to be able to trust each other.

[1714921120]

1714921120

[1714921120]

1714921120

[1714921120]

1714921120

[jackjack]

Re-using an address is a bad practice for anonymity.  You are welcome to do so if you wish, but if you care about anonymity you should use a brand new address for EVERY TRANSACTION.  That address should only be shared between the sender and the receiver.  In that way, only the sender and receiver have any idea who the parties to the transaction are.  This satisfies your concerns about only the involved parties knowing who participated, while maintaining a public ledger that provides every participant to verify the validity of the bitcoins that they receive without needing to trust any other peer.

How often do you verify random transactions of others?

Oh. Wow.

[Severian]

I understand enough to know that when I make a transaction, there is enough information between the blockchain and google's records of me visiting the recipient's website to copy the address, to completely and uniquely tie me to that transactions.

Why aren't you using a VPN?

I am not a moron

http://www.youtube.com/watch?v=LovYNScgReY&t=7m57s

[movellan]

I have only rudimentary knowledge of how the blockchain works, but have always used a new wallet address from a different VPN ip address for each and every transaction. This seemed logical to maintain a modicum of anonimity. Am I wrong in this assumption?

[Dabs]

I think that's extreme. Unless you were not paying for each different VPN ip address (and that's essentially what TOR does.)

[MaxCoins]

Zerocoin may be of interest in terms of this discussion.

Fincen Spying Plan Invites Privacy Workarounds

http://www.americanbanker.com/bankthink/fincen-spying-plan-invites-privacy-workarounds-1057728-1.html?zkPrintable=1&nopagination=1

[movellan]

I think that's extreme. Unless you were not paying for each different VPN ip address (and that's essentially what TOR does.)

Not using TOR, but a private VPN with a lot of nodes worldwide and no logging. It may be extreme, but I still ask is it effective in making transactions more anonymous and harder to trace?

[Dabs]

It is more effective. You could post the raw transactions on blockchain or brainwallet.org through your VPN and you'd essentially be anonymous. If someone makes an email-to-transaction-broadcast thingie, that works with OpenPGP, you could make truly anonymous transactions. Or if someone operates a hidden service (on TOR) that does this.

But, just using the plain reference client already allows you a certain anonymity, because you only broadcast your transaction to a limited number of nodes, and they relay it to the rest of the world.

[sigma02]

I sweep all my 10,000,000 coins into one giant address, then send them back to random addresses. Not all at once, and not in any particular order. I mean, I could just play Satoshi Dice to launder my coins (play the 97% game so you only have a 3% chance of losing). That would be a pain to track.

Go to satoshidice.com.  Note that Google+1 tracker is placed into your page.  Note the scripts from Google that are in the page.

Are you still convinced that it would be hard to track your transaction?

[sigma02]

Please consider that TOR and vpns do not solve the problem.

If you access satoshidice through tor or vpn and allow google trackers to log you - which you HAVE TO in order to play - unless you are very, very careful to not leave a fingerprint, delete all cookies, flash cookies etc, not log in to read your email or do anything else during the session, chances are high that google knows exactly who you are.

If bitcoin is adopted en masse (and I still hope it does, I think), not too many people are going to take really serious precautions just to be anonymous.  The end result is that google, for instance, has access to the bank accounts for pretty much all transactions.  The rest it can consider suspicious.

[sigma02]

...
The wallet that I run (Bitcoin-Qt) verifies EVERY transaction that it relays to any peers.  It also verifies EVERY transaction in every block that it receives to be added to the blockchain.  As has been said already:
...
So far you are only proving that you don't understand what bitcoin is, how it works, and what longstanding crypto-currency issues it solves.

I don't claim technical knowledge.  I am presenting a problem that's much bigger.  Really, I am simply asking a question you should be asking as well, instead of witch-hunting.

• A financial transaction system is proposed by an unknown party.  It solves pretty much all technical issues with double-spends, network integrity and provides for safe transactions. 
• It also leaves a permanent and verified-correct record of all transactions ever made.
• Most transactions originate by copying a web address from the web.   
• Another party has access to very accurate web logs of pretty much all web transactions.

This makes me uncomfortable.  I am not suggesting that bitcoin doesn't work and proposing half-assed fixes.

[greyhawk]

You seem kinda paranoid.

Google is not the Cylons. Trust me. Number 6 told me so.

[sigma02]

...
Even writing it down, I'm not conviced it can even work, as users must be able to trust the miners/supernodes and those miners would have to be able to trust each other.

Interesting that everyone jumped on me for being a DRM addict and not understanding anything for suggesting that the open blockchain is a security threat to individuals.  MoonShadow apparently is allowed to propose ideas that completely subvert the zero-trust nature of bitcoin.

[sigma02]

You seem kinda paranoid.

Google is not the Cylons. Trust me. Number 6 told me so.

My father learned the hard way, in a concentration camp, that whenever someone makes a long list of people, things end badly.

[sigma02]

Also consider that we are in a world of crypto-idiots.  People still don't encrypt their email, even though in the US at least, agencies have access to it without a warrant.

Yes I am paranoid.  You should be too.

[greyhawk]

You seem kinda paranoid.

Google is not the Cylons. Trust me. Number 6 told me so.

My father learned the hard way, in a concentration camp, that whenever someone makes a long list of people, things end badly.

So you're about 60? Sure sounds like DRM Generation to me.

[jackjack]

Triple posting isn't necessary, we have a magical "edit" button for this

[sigma02]

So you're about 60? Sure sounds like DRM Generation to me.

Really now.  How low.  Let's use the dreaded D word again.

Actually I was lying about my father. For effect.

[mobodick]

Please consider that TOR and vpns do not solve the problem.

If you access satoshidice through tor or vpn and allow google trackers to log you - which you HAVE TO in order to play - unless you are very, very careful to not leave a fingerprint, delete all cookies, flash cookies etc, not log in to read your email or do anything else during the session, chances are high that google knows exactly who you are.

If bitcoin is adopted en masse (and I still hope it does, I think), not too many people are going to take really serious precautions just to be anonymous.  The end result is that google, for instance, has access to the bank accounts for pretty much all transactions.  The rest it can consider suspicious.

So you're basically saying that google can see the website you get served?
How the hell is ANY account safe from google?
Anyway, you're having a cool fantasy, i'll let you at it..

[greyhawk]

Actually I was lying about my father.

I know. Don't pull the Hitler card on Germans. It'll fail miserably.